1// Copyright 2009 The Go Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style 3// license that can be found in the LICENSE file. 4 5package aes 6 7import ( 8 "crypto/cipher" 9 "crypto/internal/alias" 10 "crypto/internal/boring" 11 "strconv" 12) 13 14// The AES block size in bytes. 15const BlockSize = 16 16 17// A cipher is an instance of AES encryption using a particular key. 18type aesCipher struct { 19 l uint8 // only this length of the enc and dec array is actually used 20 enc [28 + 32]uint32 21 dec [28 + 32]uint32 22} 23 24type KeySizeError int 25 26func (k KeySizeError) Error() string { 27 return "crypto/aes: invalid key size " + strconv.Itoa(int(k)) 28} 29 30// NewCipher creates and returns a new [cipher.Block]. 31// The key argument should be the AES key, 32// either 16, 24, or 32 bytes to select 33// AES-128, AES-192, or AES-256. 34func NewCipher(key []byte) (cipher.Block, error) { 35 k := len(key) 36 switch k { 37 default: 38 return nil, KeySizeError(k) 39 case 16, 24, 32: 40 break 41 } 42 if boring.Enabled { 43 return boring.NewAESCipher(key) 44 } 45 return newCipher(key) 46} 47 48// newCipherGeneric creates and returns a new cipher.Block 49// implemented in pure Go. 50func newCipherGeneric(key []byte) (cipher.Block, error) { 51 c := aesCipher{l: uint8(len(key) + 28)} 52 expandKeyGo(key, c.enc[:c.l], c.dec[:c.l]) 53 return &c, nil 54} 55 56func (c *aesCipher) BlockSize() int { return BlockSize } 57 58func (c *aesCipher) Encrypt(dst, src []byte) { 59 if len(src) < BlockSize { 60 panic("crypto/aes: input not full block") 61 } 62 if len(dst) < BlockSize { 63 panic("crypto/aes: output not full block") 64 } 65 if alias.InexactOverlap(dst[:BlockSize], src[:BlockSize]) { 66 panic("crypto/aes: invalid buffer overlap") 67 } 68 encryptBlockGo(c.enc[:c.l], dst, src) 69} 70 71func (c *aesCipher) Decrypt(dst, src []byte) { 72 if len(src) < BlockSize { 73 panic("crypto/aes: input not full block") 74 } 75 if len(dst) < BlockSize { 76 panic("crypto/aes: output not full block") 77 } 78 if alias.InexactOverlap(dst[:BlockSize], src[:BlockSize]) { 79 panic("crypto/aes: invalid buffer overlap") 80 } 81 decryptBlockGo(c.dec[:c.l], dst, src) 82} 83